
ubuntu-translations-coordinators team mailing list archive

[Bug 1357051] Re: Security & runtime + package bloat issue: gdomap .

 

** No longer affects: unar (Ubuntu)

** Project changed: gnustep => ubuntu-translations

** No longer affects: ubuntu-translations

** Project changed: unar => ubuntu-translations

** No longer affects: ubuntu-translations

** Also affects: gnustep-base (Debian) via
   http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=717773
   Importance: Unknown
       Status: Unknown

** Information type changed from Public Security to Public

-- 
You received this bug notification because you are a member of Ubuntu
Translations Coordinators, which is subscribed to Ubuntu Translations.
Matching subscriptions: Ubuntu Translations bug mail
https://bugs.launchpad.net/bugs/1357051

Title:
  Security & runtime + package bloat issue: gdomap .

Status in elementary OS:
  Fix Released
Status in gnustep-base package in Ubuntu:
  Fix Released
Status in gnustep-base package in Debian:
  Unknown

Bug description:
  gdomap is running by default yet has no reason to be running by
  default: gdomap -N . It is pulled from the chain of file-roller ->
  unar -> Depends: gnustep-base-runtime & libgnustep-base1.24 . gdomap
  is pulled in from gnustep-base-runtime.

  According to Debian it shouldn't be there [in that package] or at least shouldn't be running by default and was changed.
  https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=717773

  It has also been a pain in terms of being a constant security problem over the years. This random program also runs as root. The included version of 1.24.0 for example fits the <1.24.6 requirement listed here:
  http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-2980

  There are boatloads more you can find previously and probably many
  more to come in the future.
